Essay: Planning Your Proxy Server Implementation

A key factor in determining the success of any installation is planning. Planning involves several phases, from understanding your current capabilities, to determining your current needs, anticipating your future needs, and, ultimately, finding a viable solution. We have all been in situations where the immediate need surpassed the need for planning and the installation was rushed. More often than not, the installation had to be repeated to correct problems. Microsoft stresses successful planning techniques, both to ease the initial installation and as a preventative troubleshooting task.

The Site Analysis Process

A key consideration of planning future network capacity is determining what services, users, and data will be present on the network. Take the time to complete a thorough site analysis. A bit of formal analysis now will ease the process of upgrading and configuring the system later. Don’t succumb to the “easy way out.” Planning can be a long and arduous task that is overlooked far too often, but one that pays off ultimately.

Network Capacity Analysis

The capacity of a network is that network’s ability to support the amount of data transmitted over it. A network that can support the activity of your organization today may not be able to support the increased activity level when Internet access is offered via Proxy Server. You need to carefully consider the performance ramifications of adding new information services to an already overtaxed network.

Although Proxy Server’s ability to cache resources saves on performance over the Internet communication link, it does not decrease the amount of data ultimately transferred to the client. Even if 100 percent of requested data is stored in the proxy server’s cache, it will still be sent across your local network to the client computer, increasing network traffic significantly.

The first step in network capacity analysis is to define a baseline profile of the performance levels of your current network by using Performance Monitor and Network Monitor. This involves sampling various aspects of your network over several days. Examine these readings to decipher what is normal and abnormal about how your network performs. This includes pinpointing which areas of your network experience the heaviest load, which users or applications cause the most traffic, and if there are failure points (for example, broken cables, bad connectors, failed links, or misconfigured protocols). Compare the actual traffic and performance levels on your network with the known capacity of the hardware that composes your network.

For example, if you’re using 10Mbps NICs and hubs on your network and the average network load is around 7 or 8Mbps, you have little room for additional traffic. A network consistently operating at 70 percent of available capacity would experience severe performance degradation if Internet information services were added to the existing system.

As mentioned earlier, adding one or more Internet services to your current network will increase network traffic levels significantly. Often, adding Internet services requires an increase in the capacity of your network. Some considerations involved in expanding the capacity of your network include the following:

- The number and type of services provided by the proxy server
- The number of users accessing those services
- The restrictions that will be implemented (particular users or groups, time of day, or amount of data)
- The number of users that may be added in the next year

Needs Analysis

Determining your current needs involves making a list of services and features required on your network to improve or expand its current capabilities. This list can range from information services, to security restrictions, to content sources. To help you focus on this process, the following questions related to this process have been included. The needs analysis questions are divided into three categories:

- Why do you need Internet access?
- Connectivity: What hardware do you have? Does it need to be upgraded?
- Security: What type of access will you allow through Proxy Server?

Why Grant Internet Access?

If you’ve come to this section of the book, you’ve probably already decided to connect to the Internet using Microsoft Proxy Server. However, the following are some questions to help you justify this implementation:

- What are the top three reasons you need to add Internet access to your network?
- How will your products and/or services be improved with Internet access?
- Is Internet access just today’s latest business fad or does it really offer solid, tangible benefits?
- What exactly are you expecting to happen once Internet access is added to your system?
- What capabilities and services are you expecting to deploy or derive from Internet access?
- Will the majority of information flow out from your network or in from the Internet?

Connectivity Concerns

As mentioned earlier, the specifics of how to connect to the Internet, and whether your network can handle the traffic generated by connecting, must be addressed. Answers to the following questions will grant you insight into this area:

- What network or communications technologies have recently been deployed within your organization?
- Ultimately, who is responsible for the deployment of Internet access on your network?
- Are improvements to the network properly funded? Are they included in the budget?
- Which is more important: service, reliability, or speed of access?
- What compromises are you willing to make to sustain reliability over speed (or vice versa)?
- To improve your network’s performance, what services or capabilities are you willing to sacrifice?
- If your Internet access links go down, what projects, tasks, or abilities will be affected?
- Is your current network media (NIC, hubs, repeaters, cables, and so on) upgradeable, expandable, or replaceable?
- Do you need a dedicated or on-demand Internet connection?

Security

Perhaps the most important set of questions involves security and how information will be guarded on your network:

- Which Internet information services will be supported, allowed, or deployed?
- Which capabilities and services will you prevent or deny in relation to Internet access?
- If full open access is not granted, what restrictions will be in place and who will determine them?
- What content filters will be put into place? Who is responsible for implementation and maintenance of these filters?
- What penalties will be enforced against users who violate (or attempt to violate) access restrictions?
- Have you documented the logic used to construct or describe your security or restriction system?
- What restrictions on “outsiders” do you plan to implement?
- How important is it to restrict or control access to your internal information?
- What does your organization consider a security breach?

From these lists of questions, you can formulate a clear picture of your present situation and what you want, need, or can afford in terms of Internet access. This knowledge is an important step in the process of deploying any new technology, including Proxy Server 2.0.

Connecting With An Internet Service Provider

Connecting your network to the Internet involves working with an Internet Service Provider (ISP). As you know, ISPs are service companies that sell network access to the Internet. They purchase bandwidth in bulk and, in turn, resell it in smaller packages. You should evaluate an ISP in the same manner as you would any other supplier or vendor.

Types Of ISPs

There are three basic types of ISPs: global/national corporations, small local businesses, and hobbyists/amateurs. Global/national corporation ISPs are those that have points of presence across the country, or even around the world. Typically, you’ll not deal with ISPs of this level directly because they are most often in the business of wholesaling access to local business ISPs instead of end users. However, if your organization is of significant size, this type of ISP may be the only one that can adequately supply your connection needs. The cost for service from these large ISPs is often high, with little or no room for negotiation. In addition, although technical support may be available 24 hours a day, seven days a week, your specific issue or problem may not be as important to them as it is to you.

The small local business ISPs generally have one or only a few points of presence. Local ISPs are often more responsive to customer needs and can be flexible on service costs. The scope and value of services provided by a local ISP vary greatly, but with a little time you can find a provider to meet your needs.

A hobbyist or an amateur access provider is often a small or upstart business. Most ISPs of this nature offer little in the way of value-added services, have limited bandwidth choices, and have unreliable service. We do not recommend using an amateur ISP for business Internet access.

Locating An ISP

Finding the right ISP for your organization involves some work on your part. Mainly, it requires you to seek out possible ISPs, interview them, and then make an informed decision. You should be looking for a quality provider that is currently supporting professional or business customers. There are several ways to locate or discover ISPs initially; but just because an ISP is easy to find doesn’t mean its service is acceptable. We suggest you make a list of four or five ISPs, then evaluate them in light of the specific criteria discussed throughout this chapter. Listed here are a few methods for finding an ISP:

- Word of mouth: Ask friends or colleagues for references to ISPs with which they have had experience. Because a relationship with an ISP is typically very important, most customers will not hesitate in letting you know what they think about the service they are paying for.
- Newspaper and magazine advertisements: Print advertisements are a common way for ISPs to get attention. Check business and technology sections in your local newspaper to see who wants your business.
- Businesses/competition: Ask other business owners, or even your competitors, who they use for their Internet service.
- Vendors: Ask your hardware and software vendor/supplier/retailer for recommendations for ISPs. It’s not uncommon for technical salespeople to be aware of related products and services available locally.
- Yellow pages: The phone book is now a great place to look for ISPs. Check out the entries under the headings of Internet, Computers, Computer Services, Network, Access Providers, or Online Access.
- Radio and television: Many well-to-do ISPs are spending the money to advertise on radio and television. However, just because an ISP can afford the expense doesn’t mean it should be your only choice. It does mean, however, that the ISP is making a profit, which is a good sign.
- Search engines: All of the Web-based search engines can provide you with an extensive list of ISP possibilities. Just search with the keywords “Internet Providers,” “Internet Service Providers,” and “Internet Access Providers.”
- www.thelist.com: This Web site is a comprehensive database of ISPs. This well-organized collection of ISP information is worth taking a look at.
- Dlist: This is another online resource worth looking into. Dlist, or “Definitive listing of ISPs,” is an email distribution of ISP information. To get the Dlist, just send an email to mj@ora.com. In the body of the message, include “request dlist.” Within minutes, you’ll receive an automated response that contains the list.

Test Your ISP

Once you’ve made a short list of ISP possibilities, run the list through the following gamut of tests. Switching from one provider to another is not impossible, but the switch can be fairly difficult and confusing. We recommend you take the time to ensure that everything you need in the foreseeable future is provided for with the ISP you select.

Technical Support

Your ISP should be able to provide you with technical support, advice, and consultation. Find out what technical support assets are available from an ISP, including any technical certification or education, length of experience, and troubleshooting success history. Find out the size of the technical support staff and the hours of availability. Ultimately, you’ll need to make a judgment call: if you have an emergency, will your ISP be able to offer a helping hand? You need to know if technical support is provided as part of normal service or if it’s provided on a paid basis only. Most often there’s a sliding scale of basic technical support.

Here are a few more items to ponder when making your ISP selection:

- What is covered by the ISP’s technical support?
- What isn’t covered by the ISP’s technical support?
- Does technical support stop on the ISP’s end of the communications link or on your network’s communications device? Does it cover your clients?

Geographic Location

Because you’ll be using the link between you and your ISP a great deal, it is unwise to select an ISP located a great distance from your network. Connecting to an ISP in a different area code, city, or state will cost more in line charges. Most likely, you’ll not be using a telephone line dial-up connection; however, other dedicated digital subscriber lines also have distance costs. If you have a choice, closer is always better.

Internet Information Services

Usually, having a connection to the Internet through an ISP enables you to access every information service type available anywhere in the world. However, some ISPs have taken the liberty of restricting or blocking some of these services for various reasons: illegal activity, too much bandwidth waste, not enough storage capacity, or nonprofessional content. Often, the restrictions imposed by an ISP will correspond to your organization’s desired access limitations, but you should inquire about them all the same.

Communication

Unlike most vendors from whom you purchase a product or service, you’ll develop a close relationship with your ISP. This is mainly because, from your perspective, it is the one link in the configuration of Internet communication that can bring everything to a halt when it fails. Look into the ability to contact the ISP by phone, email, and the Web. If you fail to get a human on the phone or don’t get a response to your email within 24 hours, you should look elsewhere for Internet service. An ISP that communicates with its customers is one that values customer satisfaction.

Remote Connectivity

If members of your organization travel frequently, you may want to inquire about out-of-town access methods. Some ISPs have contracts with other ISPs across the country to provide their users with consistent access while on the road. If you plan to implement virtual private network (VPN) services, discuss your technologies with the ISP to guarantee that its routers, gateways, and servers can handle the load and will allow the specialized connections to take place.

Downtime

Even the largest ISPs have one problem in common with small local ISPs: humans run the computers and problems do occur. No service is 100 percent guaranteed. What is important is how an ISP deals with system failures and downtime. Ask the ISP about downtime history and the efforts that were made to restore service. Plus, ask if refunds or discounts are available for serious lapses in connection time.

Business Background

Never hook up your organization’s network to an ISP that is less than two or three years old. Success comes with maturity, and experience has no substitute when dealing with the Internet. Plus, the longer an ISP has been in business, the more information you can find about it. Inquire with the Better Business Bureau, request customer references, ask to speak with customers who stopped working with the ISP, and look for any business report or study about the ISP. Ask to see a business plan, financial statement, and any documents about the goals or future of the business.

Compatibility

Even the best ISPs will be worthless to you if their hardware and software are incompatible with yours. Generally, because the communication link will be a TCP/IP connection, there’s very little chance that a communication problem will exist. But if your ISP uses only Unix systems and you use Windows NT, it may not be able to offer you much in the way of useful technical support if something on your end goes awry.

One way to improve the compatibility of your ISP is to use the same type of communication device on your end of the link as it uses. Whenever possible and practical, duplicate the computer setups and networking hardware employed by the ISP; any equipment you have in common with the ISP is another area where you can leverage its expertise.

ISP Peak Time

ISPs have hundreds or even thousands of customers. You need to know when the ISP experiences its highest level of network traffic. This will be a combination of the Internet’s peak times and the use patterns of the ISP’s customers. There’s little you can do to completely avoid peak time, but you can use this information to schedule your automated services and caching systems. Most ISPs maintain bandwidth and throughput statistics for their own use. It shouldn’t be any great effort to obtain this information.

Bandwidth Options

Your network needs will grow, and it will eventually require larger connection pipelines to your ISP.

Make sure your ISP already has available the next level of bandwidth you’ll eventually need. In addition, make sure the ISP has an ongoing plan for expansion to add new levels of service as they become available at a reasonable cost. Don’t get stuck with an ISP that can only offer you modem and ISDN access if you anticipate the need for a T1 or Asynchronous Transfer Mode (ATM).

Fine Print

Always get everything regarding your account with the ISP in writing, signed by you and the ISP. This is the only way to get what you ask (and pay) for. If it’s not in writing when you sign the contract and hand over the first payment, you have no basis to demand it. Special services, unique configurations, technical support depth, and any added services must be spelled out. Every time either you or the ISP needs to alter or change the inventory of services, this document needs to be re-created or at least properly amended.

Choosing The Right Internet Connection For Your Network

A pipeline is a slang term referring to the communications link between your network and your ISP, which is appropriate because the ability for a connection to support significant amounts of data is dependent upon the size of the link. Choosing the most appropriate link for your network can be a bit of a guessing contest. Until you actually get everything deployed, you won’t know for sure exactly how much traffic will move over the link and how popular Internet access will be.

Although the caching services of Proxy Server 2.0 can limit the amount of traffic sent over your Internet connection, bandwidth calculations should be made for a worst-case scenario. The following formula can give you an indication of the bandwidth you will need:

Number of users x bandwidth per user x 1.4 = pipeline size

The number of users in this equation should be the actual user count of individuals who will be given access to resources over the Internet. The bandwidth required, per user, equals how much data, per second, is minimally required for each user based on the information services (email, FTP, and so on) used on the network. If users only have email, a bandwidth of 0.75Kbps per user is sufficient.

However, if FTP, Web, or streaming multimedia is retrieved from the Internet, 7.5Kbps per user is required, effectively 10 times the requirement for email-only connections. Multiplying the resulting number by 1.4 adds in 40 percent for growth. By using this formula, a 700Kbps link would be sufficient for a network with 100 Internet users, needing 5Kbps each. This equates to five or six ISDN connections or a fractional T1. Remember that this is a worst-case calculation. It may be that this is too much bandwidth for such a small network because Proxy Server will be used and rarely will all 100 users be accessing Internet resources simultaneously.
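The formula above, worked as an added Python example that is not part of the original essay: it sizes a mixed user population with integer arithmetic and counts how many of each listed link type would cover the result. It assumes 1 Kbps = 1,000 bps and that a fractional T1 is only an option while its chunks fit within one full T1; the function names are illustrative.

```python
# Added example: the essay's worst-case pipeline formula with its link options.
# Assumptions (not from the essay): 1 Kbps = 1,000 bps, and a fractional T1
# is only offered while its chunks fit inside one full T1.

GROWTH_PERCENT = 40            # the formula's "x 1.4" factor

# Per-user rates quoted in the essay, in bits per second.
EMAIL_ONLY_BPS = 750           # 0.75 Kbps, email only
WEB_FTP_MEDIA_BPS = 7_500      # 7.5 Kbps, FTP, Web, or streaming multimedia

# Link sizes from the essay's list of common options, in bits per second.
ISDN_LINE_BPS = 128_000        # one dual-channel ISDN line
T1_BPS = 1_544_000             # full T1
FRACTIONAL_T1_CHUNKS_BPS = (56_000, 256_000)


def ceil_div(a, b):
    """Integer ceiling division; avoids float rounding in the sizing math."""
    return -(-a // b)


def pipeline_bps(groups):
    """Number of users x bandwidth per user x 1.4, summed over user groups.

    groups is an iterable of (user_count, bps_per_user) pairs, so an
    email-only population and a Web/FTP population can be sized together.
    """
    base = 0
    for users, bps_per_user in groups:
        if users < 0 or bps_per_user < 0:
            raise ValueError("user counts and rates must be non-negative")
        base += users * bps_per_user
    return ceil_div(base * (100 + GROWTH_PERCENT), 100)


def link_options(required_bps):
    """Return how many units of each link type cover required_bps."""
    options = {
        "isdn_lines": ceil_div(required_bps, ISDN_LINE_BPS),
        "full_t1_lines": ceil_div(required_bps, T1_BPS),
    }
    for chunk in FRACTIONAL_T1_CHUNKS_BPS:
        count = ceil_div(required_bps, chunk)
        if count * chunk <= T1_BPS:      # otherwise a full T1 is the answer
            options[f"fractional_t1_{chunk // 1000}k_chunks"] = count
    return options


def report(label, groups):
    """Print one sizing line and return (required_bps, options)."""
    required = pipeline_bps(groups)
    options = link_options(required)
    print(f"{label}: {required / 1000:g} Kbps worst case -> {options}")
    return required, options


if __name__ == "__main__":
    # The essay's own case: 100 Internet users needing 5 Kbps each.
    report("essay example", [(100, 5_000)])
    # Constructed mixes, not from the essay.
    report("60 email-only + 40 Web", [(60, EMAIL_ONLY_BPS), (40, WEB_FTP_MEDIA_BPS)])
    report("1,000 Web users", [(1_000, WEB_FTP_MEDIA_BPS)])
```

For the essay's 100-user case the ISDN count comes out at six lines, because five dual-channel lines carry 640Kbps, which is short of the 700Kbps worst case.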

Discuss your needs and plans with the ISP before making a decision to deploy less than what this formula recommends. When it comes to networking, especially when connecting to the Internet, you can never have too much bandwidth. No matter what size pipeline you install, your Internet use will grow to consume every last bit of available bandwidth. Look ahead, take precautions, discuss options in-depth with your ISP, but don’t spend more than you can afford.

Most ISPs will offer several options in communication link sizes and cost. Here is a list of some of the more common options:

- POTS (plain old telephone service): An analog communications link with a maximum bandwidth of 56Kbps.
- ISDN (Integrated Services Digital Network): A digital communications link with a maximum bandwidth of 128Kbps per dual-channel line.
- 56Kbps leased line: A digital communications link with a bandwidth of 56Kbps.
- T1 and fractional T1: A digital communications link with a bandwidth of 1.544Mbps for a full T1. This link is also available in 56 or 256Kbps fractional T1 chunks.
- Others: Several other digital communication link technologies may be available in your area with a wide variety of bandwidths. These include cable modems, ATM, Frame Relay, Switched Multimegabit Data Service (SMDS), Digital Subscriber Line (DSL), and Synchronous Optical Network (SONET).

Most of these options are available in either dedicated or nondedicated form. Dedicated service means you’re assigned exclusive access to a specific communications port, which guarantees your connection, but at a price. Nondedicated service means you must compete with other users to gain access to a pool of communications ports. Nondedicated service does not guarantee access at any time and, therefore, is much less expensive. We recommend dedicated service for a business network connection. Nondedicated service can impose complications on a network and, therefore, should only be considered if dedicated service is cost prohibitive.

Choosing the Right Hardware For Your Proxy Server

When selecting hardware for your proxy server, the amount of data to be transferred must be taken into account. The physical size and the number of computers on your network are related, but are ancillary considerations. You should also take note that no two networks are the same. They vary in an infinite number of ways. Consequently, our recommendations and the recommendations of Microsoft may not be the absolute best fit for your specific situation. Take the time to examine every aspect of your network before accepting the recommendations of experts who have no direct experience with your system. With that in mind, we’ll still review some common or basic configurations for networks of various workloads (which, coincidentally, correspond to geographic size and number of computers).

In all of the following computer configurations, it is assumed you are using a dedicated Windows NT Server, NT-compatible components, and that NT Server is already installed.

Low-Volume Network

A low-volume network is typically a network in a SOHO (Small Office/Home Office) environment with 10 or fewer computers. Low-volume networks can obtain adequate Internet access using a single proxy server connected to a single ISDN line. Microsoft recommends that the computer hosting Proxy Server meet the following minimum requirements:

- Intel Pentium 133 or faster
- 2GB of storage space for caching
- 32MB of RAM, or more

Moderate-Volume Network

A moderate-volume network is typically a network in a mid-size company with under 1,000 computers. Moderate-volume networks can obtain adequate Internet access using two or more proxy servers arranged in an array or chain connected to multiple ISDN lines or a fractional T1. Microsoft recommends that the computer hosting Proxy Server meet the following minimum requirements:

- Intel Pentium 166 or faster
- 2 to 4GB of storage space for caching
- 64MB of RAM, or more

High-Volume

A high-volume network is typically a network in an enterprise corporation with thousands of computers. High-volume networks can obtain adequate Internet access using multiple proxy servers in a combined array and chain arrangement connected to a T1 line or greater. Microsoft recommends that the computer hosting Proxy Server meet the following minimum requirements:

- Intel Pentium 200, Pentium Pro 166 or faster
- 8 to 16GB of storage space for caching
- 128 to 256MB of RAM, or more